if reserve history computation reveals database inconsistency, do not abort but return proper error code

src/exchange/taler-exchange-httpd_db.c

@@ -748,10 +748,17 @@ execute_reserve_withdraw_transaction (struct MHD_Connection *connection,
                            &withdraw_total);
   }
   /* All reserve balances should be non-negative */
-  GNUNET_assert (GNUNET_SYSERR !=
+  if (GNUNET_SYSERR ==
       TALER_amount_subtract (&balance,
                              &deposit_total,
-                                        &withdraw_total));
+                             &withdraw_total))
+  {
+    GNUNET_break (0); /* database inconsistent */
+    TEH_plugin->rollback (TEH_plugin->cls,
+                          session);
+    return TEH_RESPONSE_reply_internal_db_error (connection,
+                                                 TALER_EC_WITHDRAW_RESERVE_HISTORY_IMPOSSIBLE);
+  }
   if (0 < TALER_amount_cmp (&amount_required,
                             &balance))
   {

src/include/taler_error_codes.h

@@ -232,6 +232,14 @@ enum TALER_ErrorCode
    */
   TALER_EC_WITHDRAW_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS = 1112,
 
+  /**
+   * When computing the reserve history, we ended up with a negative
+   * overall balance, which should be impossible.
+   * This response is provided with HTTP status code
+   * MHD_HTTP_INTERNAL_SERVER_ERROR.
+   */
+  TALER_EC_WITHDRAW_RESERVE_HISTORY_IMPOSSIBLE = 1113,
+
   /**
    * The exchange failed to obtain the transaction history of the
    * given reserve from the database.